hi, I think I found a bug, but I have no time to do all the django requirements to report it. And of course first your opinion.
Here the form doesn't validate the new_password1 if is an False context boolean object. If we left the new_password1 field empty string or None if jump the "if password1 and password2" validation and return password2. Then when the form safes the data save the password1. Well I think this will not have to occur. And the same for this class AdminPasswordChangeForm. And my fast solution is this line: new_password1 = forms.CharField(label=_("New password"), widget=forms.PasswordInput required=True) class SetPasswordForm(forms.Form): """ A form that lets a user change set his/her password without entering the old password """ new_password1 = forms.CharField(label=_("New password"), widget=forms.PasswordInput) new_password2 = forms.CharField(label=_("New password confirmation"), widget=forms.PasswordInput) def __init__(self, user, *args, **kwargs): self.user = user super(SetPasswordForm, self).__init__(*args, **kwargs) def clean_new_password2(self): password1 = self.cleaned_data.get('new_password1') password2 = self.cleaned_data.get('new_password2') if password1 and password2: if password1 != password2: raise forms.ValidationError(_("The two password fields didn't match.")) return password2 def save(self, commit=True): self.user.set_password(self.cleaned_data['new_password1']) if commit: self.user.save() return self.user Thanks -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.